by exabrial
1302 days ago
Don't use Docker. Use *heavy sigh* systemd security features. Yes, this is something that systemd actually does really well. And it keeps all your processes and files visible and inspectable to standard unix tools (ps, htop, ls, etc).

* chroot
* cgroups
* PrivateNetwork
* PrivateTmp
* isolated devices
* IPAddressAllow
* SocketBindAllow
* ReadOnlyPaths

https://docs.arbitrary.ch/security/systemd.html
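The features listed in the comment above map onto unit-file directives roughly as follows. This is an added example, not the commenter's configuration and not taken from the linked page; the service name, paths, port and address range are constructed placeholders.

```ini
# /etc/systemd/system/exampled.service
# Hypothetical service: every name, path, port and address range in this
# file is a constructed placeholder.
[Unit]
Description=Example network daemon with systemd sandboxing

[Service]
# chroot: ExecStart is resolved inside this tree, which must already hold
# the binary and the libraries it needs.
RootDirectory=/srv/exampled/rootfs
MountAPIVFS=yes
ExecStart=/usr/bin/exampled --listen 8080

# cgroups: resource limits applied to the unit's control group.
MemoryMax=256M
TasksMax=64
CPUQuota=50%

# PrivateTmp: /tmp and /var/tmp are not shared with other processes.
PrivateTmp=yes

# isolated devices: private /dev holding only pseudo-devices such as /dev/null.
PrivateDevices=yes

# IPAddressAllow: deny all traffic, then allow loopback and one range.
IPAddressDeny=any
IPAddressAllow=localhost 10.0.0.0/8

# SocketBindAllow: the service may bind() only TCP port 8080.
SocketBindDeny=any
SocketBindAllow=tcp:8080

# ReadOnlyPaths: the "+" prefix makes the path relative to RootDirectory.
ReadOnlyPaths=+/etc/exampled

# PrivateNetwork=yes would leave the service with only its own loopback
# interface, so it suits units that need no network at all. This unit
# listens on a port and uses the IP and bind filters above instead.
#PrivateNetwork=yes

[Install]
WantedBy=multi-user.target
```

`systemd-analyze security exampled.service` reports which sandboxing directives a loaded unit still leaves unset.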